Internet Virus: SunOS patches
Tony Nardo
trn at warper.jhuapl.edu
Thu Nov 10 15:35:52 AEST 1988
In article <76493 at sun.uucp> chuq at plaid.Sun.COM (Chuq Von Rospach) writes:
>Install the new fingerd as follows:
>
> % su
> # cp in.fingerd /usr/etc/in.fingerd.new
> # cd /usr/etc
> # mv in.fingerd in.fingerd.orig
> # mv in.fingerd.new in.fingerd
> # chown root in.fingerd
> # chmod 755 in.fingerd
If you do this under SunOS 3.*, you will find that the *other* finger bug
(which I will happily describe to anyone who E-mails me from "root") still
exists. Instead, try the commands
% su
# cp in.fingerd /usr/etc/in.fingerd.new
# cd /usr/etc
# mv in.fingerd in.fingerd.orig
# mv in.fingerd.new in.fingerd
# chown news in.fingerd
# chgrp news in.fingerd
# chmod 6755 in.fingerd
before rebooting. I chose "news" as my harmless user. You can use any
sufficiently underpowered user in its place (except "nobody", or any other
account with a negative user number).
For SunOS 4.0, you can keep the file ownership as "root". Simply modify
"inetd.conf" to run "fingerd" from a harmless user's account (again, do not
use "nobody") rather than as "root".
Tony Nardo
P.S. *** DO NOT USE 'r' or 'R' to reply! ***
Apologies to those on machines "aplcen" and below, who have now
received this message twice. "warper" had a slight problem in
sending news...
==============================================================================
ARPA: trn%warper at aplvax.jhuapl.edu OR nardo%str.decnet at capsrv.jhuapl.edu
BITNET: trn at warper.jhuapl.edu
UUCP: {backbone!}mimsy!aplcen!aplcomm!warper!trn
USnail: c/o Johns Hopkins University/APL, Room 7-53
Johns Hopkins Road, Laurel, Md. 20707
==============================================================================
More information about the Comp.unix.wizards
mailing list